Scammers have been impersonating members of Kraken’s token listing team and employees in recent weeks, promising coverage of projects in exchange for a fee.
Kraken, a digital-asset exchange operating from the United States, said on Friday that cryptocurrency teams that use LinkedIn and Telegram should be on high alert. They were advised to watch out for would-be scammers posing as Kraken staff, as these efforts appear to be targeting users of these social networks in particular.
Kraken said its staff involved in the listing process does not, and will never, contact a project or cryptocurrency by social media or chat applications.
If you are being contacted by someone called Liz Cohen, Darin Zumberi or Jing Kang, claiming to be one of Kraken employees on Telegram or LinkedIn, the exchange said know the account reaching out is a fraud.
Kraken tracked some of this activity, shedding light on the situation. The exchange said in most cases it reviewed, scammers have gotten sophisticated to the point where they sent phishing emails using domain addresses that look legitimate and appear to be associated with Kraken. This technique is called Punycode, which tries to deceive users by replacing one or more characters in the URL with similar-looking characters from another character script.
“To protect yourself and your business against Punycode phishing: we recommend adding filters to check the header on inbound emails for ‘xn--‘. Our security team advises you quarantine these messages by default, review them regularly and add exceptions for any legitimate domains you communicate with,” Kraken said.